Public Health Wales has confirmed it has been subject to a data breach in which thousands of Welsh residents who have tested positive for COVID-19 have had their personal details breached.
The incident occurred on 30 August 2020, when the personal data of 18,015 Welsh residents who have tested positive for coronavirus was uploaded to a public server by mistake due to human error, where it was searchable by anyone who was using the site. The data was uploaded to the Public Health Wales COVID-19 dashboard on the Health Protection Tableau thumbnail page. It occurred when a member of the Public Health Wales staff was uploading data to the Tableau, which is a business intelligence software used by Public Health Wales, and the member of staff accidentally clicked publish on the public-facing server rather than the internal restricted one.
Once they were alerted to the breach, Public Health Wales said the data was removed the next morning on the 31 August 2020. They confirmed that in the 20 hours it was online, it had been viewed 56 times, but they cannot determine who by.
Public Health Wales said in a statement that the risk of people being identified from the information released was low and that there has been no evidence at this stage that the data has been misused.
What personal data was breached?
In the majority of cases, for 16,179 people, the information consisted of their initials, date of birth, geographical area, and sex. However, for 1,926 people living in nursing homes or similar settings such as supported housing, or residents who share the same postcode as these settings, the information also included the name of the setting.
The health body said in a statement:
“A risk assessment has been conducted and legal advice has been sought, both of which advise that the risk of identification of the individuals affected by this data breach appears low. There is no evidence at this stage that the data has been misused. However, we recognise the concern and anxiety this will cause and deeply regret that on this occasion we have failed to protect Welsh residents’ confidential information.”
Public Health Wales went on to say that the Information Commissioner’s Office and Welsh Government have been informed and they have commissioned an external investigation into the full circumstance surrounding the data breach.
How to know if you have been affected by the Public Health Wales coronavirus patient’s data breach
The personal data that was breached was for every Welsh resident who has tested positive for COVID-19 between 27th February 2020 and the 30th of August 2020. So, if you fall into this category then you may have been affected by this breach and could be entitled to claim compensation for this breach of your personal information.
Public Health Wales has stated that they will not be contacting all those affected because the risk to them is considered low. However, if you are concerned that your data or that of a close family member may have been breached, you should contact Public Health Wales at PHW.firstname.lastname@example.org or 0300 003 0032 to discuss your concerns.
What to do if you have been involved in the data protection breach
If you have fallen victim to a data protection breach, where your personal and private information has not been stored safely then you could be entitled to claim compensation. You have the right to have your personal information kept private. A data protection breach can cause emotional distress and, in some cases, financial losses to those affected, and claiming compensation can help you to get your life back on track and recover any losses that may have come because of it.
Under General Data Protection Regulation (GDPR), by law, public bodies and private companies who collect a significant amount of sensitive information about people have to store the data responsibly and can be prosecuted if they do not do so. You can be entitled to claim compensation for:
- Misuse of private information
- Loss of control of data
- Breach of confidence
- Financial Loss
- Human rights breaches
HNK Solicitors can help with your data protection claim
HNK Solicitors have a team of expert data protection claim solicitors who have years of experience in handling data breach claims, and successfully holding public bodies to account and obtaining compensation for those affected. We provide free no-obligation consultations to all our clients, and can even offer a no-win, no-fee agreement dependent on the details of your case. To find out more about pursuing a claim for a data breach, visit our data protection claims page, or contact us at 0151 203 1104 or email@example.com.